Avast scan states I have a Baidubar-B trojan and recommends that I move it to the chest, however, when I try to move it I get a “not enouth space on disk” error message. Any recommendations on how to proceed in isolating or removing this pest? The file name is
C:\Program Files\Alwil Software\avast4\memory.dmp
There is also a possibilty to use this tool to remove it from your machine onBoot: http://www.snapfiles.com/reviews/MoveOnBoot/moveonboot.html (free)
Install it, right click on the malware file, chose to delete it next boot, reboot, it is gone.
Also remove each of the files in those folders the same way, after they are gone the folders can be deleted, then you should be able to clean the entries in the registry once the files are gone (you may need to take ownership of the keys).
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
%USERPROFILE%\local settings\temp\0248.exe
The following files have been added to the system:
%WINDIR%\dcbdcatys32_090608a.dll
%WINDIR%\system\sgcxcxxaspf090608.exe
%WINDIR%\system32\inf\
%WINDIR%\system32\inf\scsys16_090608.dll
%WINDIR%\system32\inf\sppdcrs090608.scr
%WINDIR%\system32\inf\svchoct.exe
%WINDIR%\tawisys.ini
%WINDIR%\wftadfi16_090608a.dll
The following registry elements have been created:
I prefer - Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.